Will hackers get my $3 million retirement savings if I keep it all at one investment firm?

Practicing good password hygiene is probably the most important thing you can do to keep your money safe from hackers. – Getty Images/iStockphoto

Most Read from MarketWatch

Dear Fix My Portfolio,

My wife and I are in our mid-50s and are looking forward to a comfortable retirement. We have been diligent savers and self-managed investors. Now we want to better safeguard our $3 million nest egg.

We each have funds in our respective employer-sponsored 401(k)s. More than half of our total is at one large, well-respected investment firm. As we approach retirement, I’d like to roll over our other 401(k)s to that firm to take advantage of lower fees.

But I fear that the “all our eggs in one basket” strategy might put us at risk. Specifically, I worry about cyber attacks. My concern goes beyond personal security like strong passwords and two-factor authentication. Would it be wise to spread our investments around to a few different firms?

With multiple firms, it seems to raise the risk that one or more of those firms could be attacked. However, it might lower the risk that we could lose it all. I am starting to sound a little paranoid, aren’t I? What would be the best thing to do?


Dear Dan,

With all that’s been going on in the banking industry of late, you’re not alone in worrying about the safety of your money. Most of the fears over the last two years have been about bank failures, and that involves cash covered by FDIC insurance, up to $250,000 per account type. What you’re talking about — mostly investments and retirement accounts — concerns a different type of insurance, SIPC, which has higher limits, up to $500,000 per account.

About 40% of investors have a primary account and an additional account somewhere else, says Craig Martin, executive managing director at J.D. Power, which measures investor satisfaction with investing firms annually. That number goes up to 50% among those with more than $1 million.

“This data doesn’t imply people are unhappy. It’s just a different way of diversifying a portfolio,” Martin says. “People have a lot of reasons for having a secondary relationship. Some want to have secondary backups or options that are available at different firms, or they want to do investing on the side but have most of it in one place.”

Your money is protected

One thing financial advisers point out is that your money is safe and insured at the institutional level. The industry is highly regulated, and companies invest a lot of money in security. Your own password hygiene and home security is probably most important. If something were to go wrong and you were the victim of a robbery, you could file a claim.

“SIPC and FDIC insurance coverage should alleviate some concerns,” says Byrke Sestok, a certified financial planner based in Harrison, N.Y.

We all learned a lot about the ins and outs of FDIC limits when Silicon Valley Bank failed in 2023. The $250,000 insurance limit applies to each account type and separate title. So if you have a savings account, a checking account and a CD titled jointly with your wife, you’re covered up to a total of $750,000. SIPC insurance has similar coverage for investment accounts, so if you and your wife each have a rollover IRA account, and you have separate Roth accounts along with a joint brokerage account, you can cover your whole nest egg, even as it grows, without having to move money to more than one institution.

Autumn Knutson, a certified financial planner from Oklahoma, says her clients generally keep their money in one brokerage account simply for the sake of convenience. “For security, we ensure clients know how to use two-factor authentication, maintain unique and complex passwords for each login through password-manager programs, and have security questions that would be difficult to answer correctly without having set them,” she says.

Is more better?

If you still have concerns or you simply want to keep your money in more than one institution, that’s entirely up to you. I polled a dozen financial planners and asked how their clients generally handled their accounts and what they recommended and, across the board, they advocated for consolidation.

“True diversification comes from investing your assets in thousands of securities across multiple asset classes — best done in the form of mutual funds and exchange-traded funds — rather than from having your money at several different custodians,” says Carla Adams, a certified financial planner from Orion, Mich.

When advisers do have clients who spread their money around, they rely on aggregation software to get a full view of a family’s financial situation, and do the best they can with it.

“With the families who have spread their assets across several firms, there is often duplication of holdings, missed tax-planning opportunities and general administrative hassle in trading, titling [and] beneficiaries and monitoring and management,” says Lisa Kirchenbauer, a planner from Arlington, Va. “Sometimes we just have to go with it and thank goodness for aggregating tools like eMoney so we can see the client’s assets across custodians.”

If you’re doing your financial management on your own, you’ll have to approximate something similar to get a holistic view of your holdings if you spread them around. A password manager to secure your login credentials would also be a must-have so you can sleep at night.

Most Read from MarketWatch

More from Fix My Portfolio